CVE-2016-4810 — Improper Access Control in Citrix Xenapp

CWE-284 — Improper Access Control4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenapp Citrix Xendesktop Citrix ADM +6 more

Timeline

PublishedJun 1

Latest updateMay 17

Description

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶NVDcitrix/xendesktop4 versions+3

▶citrixcitrix/xendesktop

▶NVDcitrix/xenapp7.5, 7.6+1

▶citrixcitrix/xenapp

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-h2pq-m8mq-87vc: Citrix Studio before 7↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2016-4810: Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set A↗2016-06-01

▶

Citrix

Citrix Security Bulletin CTX213045↗

▶